5/5/1 (Item 1 from file: 350)

DIALOG (R) File 350:Derwent WPIX 

(c) 2003 Thomson Derwent . All rts. reserv. 



008212601 **Image available** 

WPI Acc No: 1990-099602/199013 

XRPX Acc No: N90-076973 

Public key cryptography system - allows trusted member of group to 
provide individual secret keys to other members of group and group 
membership to be authenticated 

Patent Assignee: NCR CORP (NATC ); NCR INT INC (NATC ) 

Inventor: AUSTIN J R; AUSTIN J 

Number of Countries: 010 Number of Patents: 008 
Patent Family: 
Priority Applications (No Type Date) :

19880819 
Cited Patents: 2.Jnl.Ref 
Patent Details: 

Patent No Kind Lan Pg Main IPC 
WO 9002456 A E 24 

Designated States (National) : AU 
Designated States (Regional) : CH 
EP 400103 A 

Designated States (Regional) : CH 
EP 400103 B1 E 14 H04L-009/30

Designated States (Regional) : CH 
68907717 E H04L-009/30 
US 89364949 A 19890612; GB 8819767 A



Filing Notes 
JP 

DE FR GB NL 



H04L-009/30 



DE FR GB LI NL 

Based on patent 
DE FR GB LI NL 
Based on patent 
Based on patent 



WO 9002456 

EP 400103 
WO 9002456 



Abstract (Basic) : WO 9002456 A 

At the trusted processor, the public key (N,e) is generated, where
N is the product of two prime numbers (P,Q) and e is a corresponding
public key integer value. Third and fourth prime numbers (R,S) are
selected, and two values Nmi, psi (Nmi) are sent to the requesting
device. The first value Nmi equals NRS and the second value psi (Nmi)
equals psi (N) (R-1) (S-1), where the symbol psi represents the number of
integers less than N which are relatively prime to N.

At the requesting device, fifth and sixth prime numbers T,U are
selected (152), and third and fourth values Nm, dm are computed (154),
where Nm equals Nmi.TU and dm equals 1 + K psi (Nm), where psi (Nm) = psi
(Nmi).(T-1).(U-1) and K, dm are integers. Consequently, dm is adapted
for use by the requesting device as the secret key counterpart of the
public key value e relative to the modulus Nm.

ADVANTAGE - Any group member may be provided with secret key for 
deciphering or signing data and matching public key easily 
derived. 
International Patent Class (Main) : H04L-009/30

5/5/2 (Item 2 from file: 350)

DIALOG (R) File 350:Derwent WPIX
(c) 2003 Thomson Derwent . All rts. reserv. 

007752198 

WPI Acc No: 1989-017310/198903 

XRPX Acc No: N89-013340 

Authentication of cards with electronic memory - using three zone memory 
with only two zones being readable to implement two-layer validation 
process . 

Patent Assignee: SCHLUMBERGER IND SA (SLMB ) 
Inventor: BARAKAI S 

Number of Countries: 011 Number of Patents: 003 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

EP 299826 A 19890118 EP 88401645 A 19880628 198903 B 

FR 2618002 A 19890113 198910 

US 4910774 A 19900320 US 88216644 A 19880708 199017 

Priority Applications (No Type Date) : FR 879794 A 19870710 

Cited Patents: EP 147337; EP 30381; FR 2536928; US 4094462; US 4211919 

Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
EP 299826 A F 9 

Designated States (Regional) : BE CH DE ES FR GB IT LI NL SE 

Abstract (Basic) : EP 299826 A 

The card memory is divided into three zones (Z1,Z2,Z3) the first 
(Z1) being accessible for reading and containing signature (S) data
obtained from secret data (D) recorded in the third zone (Z3) which is 
inaccessible for reading. The second zone (Z2) is also accessible for 
reading and contains the results of encoding, using secret and public 
keys, of the data in the first memory zone. 

Before the card is sent to the user the first and third zones are
written and the second zone data obtained by processing first and third 
zone data. When the card is read the public key is validated then 
the second zone data is computed and checked. 

ADVANTAGE - Provides secure authentication of electronic memory 
cards which prevents fraudulent fabrication of cards from blank cards. 
Title Terms: AUTHENTICITY; CARD; ELECTRONIC; MEMORY; THREE; ZONE; MEMORY;

TWO; ZONE; READ; IMPLEMENT; TWO; LAYER; VALID; PROCESS 
Derwent Class: T01; T04 

International Patent Class (Additional): G06K-019/00; G07F-007/10; 

H04K-001/00 
File Segment: EPI 



5/5/3 (Item 3 from file: 350) 

DIALOG (R) File 350: Derwent WPIX 

(c) 2003 Thomson Derwent. All rts. reserv. 

004279566 

WPI Acc No: 1985-106444/198518 

XRPX Acc No: N85-079798 

Blind signature systems for electronic banking - allows supplier to 
transform valid bank note message for digital signing then transform it 
back 

Patent Assignee: SECURITY TECHNOLOGY CORP (SECU-N) ; CHAUM D (CHAU-I) 
Inventor: CHAUM D 

Number of Countries: 011 Number of Patents: 004 
Patent Family: 
Priority Applications (No Type Date) : US 83524896 A 19830822
Cited Patents: 3.Jnl.Ref; A3... 8705; No-SR.Pub 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
EP 139313 A E 40 

Designated States (Regional) : AT BE CH DE FR GB IT LI NL SE 
EP 139313 B1 E 26 H04L-009/00

Designated States (Regional) : AT BE CH DE FR GB IT LI NL SE 
DE 3485804 G H04L-009/00 Based on patent EP 139313 

Abstract (Basic) : EP 139313 A 

A first party (101) supplies messages to a second party (102) who 
returns to the first party a digital signature on supplied messages. A 
blind signal system is involved which includes generating a first 
secret key at the first party, this key being at least unknown to the 
second party. A message is transformed with the key and transmitted to 
the second party. A digital signature is formed of the transformed 
message with a secret signing key which is normally not known to the 
first party. 

The digital signature is then transmitted from the second party to 
the first party. The digital signature is transformed at the first 
party with the first secret key to produce a second transformed 
message. The first and second transformed messages are not readily 
determined to correspond without knowledge of the first secret key,
and the second transformed message carries a digital signature properly 
relating to the message. 

USE/ADVANTAGE - In banking using electronic money, without it 
being possible for the bank to trace all transactions validated by a 
customer's signature. 
Title Terms: BLIND; SIGNATURE; SYSTEM; ELECTRONIC; BANK; ALLOW; SUPPLY; 

TRANSFORM; VALID; BANK; NOTE; MESSAGE; DIGITAL; SIGN; TRANSFORM; BACK 
Derwent Class: W01 

International Patent Class (Main) : H04L-009/00 
File Segment: EPI 
10/5/18 (Item 14 from file: 350)

DIALOG (R) File 350:Derwent WPIX 

(c) 2003 Thomson Derwent. All rts. reserv. 

004348531 

WPI Acc No: 1985-175409/198529 

Circuit cryptographic device - has microprocessor and digital signal 
processor which controls public key forming operation NoAbstract 
Dwg 3/3 

Patent Assignee: FUJITSU LTD (FUIT ) 

Number of Countries: 001 Number of Patents: 001 

Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

JP 60105338 A 19850610 JP 83211712 A 19831112 198529 B 

Priority Applications (No Type Date) : JP 83211712 A 19831112 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
JP 60105338 A 9 

Title Terms: CIRCUIT; CRYPTOGRAPHIC; DEVICE; MICROPROCESSOR; DIGITAL; 

SIGNAL; PROCESSOR; CONTROL; PUBLIC; KEY; FORMING; OPERATE; NOABSTRACT 
Index Terms /Additional Words: SECRET; COMMUNICATE 
Derwent Class: W01 

International Patent Class (Additional) : H04L-009/02 
File Segment: EPI 
DIALOG (R) File 256: SoftBase: Reviews, Companies & Prods.
(c)2003 Info. Sources Inc. All rts. reserv. 

01139424 DOCUMENT TYPE: Product 

PRODUCT NAME: VeriTracks (139424) 

General Dynamics Interactive (706639) 
3190 Fairview Park Dr 

Falls Church, VA 22042-4523 United States 
TELEPHONE: (703) 876-3000 

RECORD TYPE: Directory 

CONTACT: Sales Department 

REVISION DATE: 20030316 

...extracts crime incident data from local law enforcement agencies'
records management systems (RMSes). Information is protected with public
key infrastructure (PKI) technologies. The Hit Engine component provides
users with spatial analysis features, which can...
File 348: EUROPEAN PATENTS 1978-2003/Nov W02

(c) 2003 European Patent Office 
File 349: PCT FULLTEXT 1979-2002/UB=20031113, UT=20031106 

(c) 2003 WIPO/Univentio 



12/5, K/1 (Item 1 from file: 348)

DIALOG (R) File 348:EUROPEAN PATENTS 
(c) 2003 European Patent Office. All rts. reserv. 



00580551 

STORAGE PROTECTION UTILIZING PUBLIC KEY CONTROL . 
SPEICHERSCHUTZ MIT SCHUTZSCHLUSSEL. 

PROTECTION DE MEMOIRE A L'AIDE D'UNE COMMANDE PAR CODES PUBLICS.

PATENT ASSIGNEE: 

IBM DEUTSCHLAND GMBH, (276960), Pascalstrasse 100, D-70569 Stuttgart, 

(DE), (applicant designated states: DE) 
International Business Machines Corporation, (200120), Old Orchard Road, 

Armonk, N.Y. 10504, (US), (applicant designated states: 

CH; DK; ES; FR; GB; IT; LI; NL; SE; AT)
INVENTOR: 

CLARK, Carl, Edward, 46 Bart Drive, Poughkeepsie, NY 12603, (US) 
MALL, Michael Gerard, 53 La Crosse Drive, Morgan Hill, California 95037, 
(US) 

SCALZI, Casper, Anthony, 16 Academy Street, Apt. 7E, Poughkeepsie, NY 
12601, (US) 

SINHA, Bhaskar, 19 Kendell Drive, Wappingers Falls, NY 12590, (US) 
LEGAL REPRESENTATIVE: 

Schafer, Wolfgang, Dipl.-Ing. (62021), IBM Deutschland 

Informationssysteme GmbH, Patentwesen und Urheberrecht, D-70548
Stuttgart, (DE) 

PATENT (CC, No, Kind, Date) : EP 587587 A1 940323 (Basic)

WO 9222032 921210 
APPLICATION (CC, No, Date) : EP 92909416 920429; WO 92EP926 920429 
PRIORITY (CC, No, Date) : US 710875 910606 

DESIGNATED STATES: AT; CH; DE; DK; ES; FR; GB; IT; LI; NL; SE 
INTERNATIONAL PATENT CLASS: G06F-012/14; 

CITED PATENTS (WO A): FR 1562429 A; FR 1562429 A; US 4472790 A 
CITED REFERENCES (WO A) : 

ELECTRO '86 AND MINI/MICRO NORTHEAST CONFERENCE RECORD November 1986, LOS 
ANGELES, US 21/2 pages 1 - 6; P. BUNCE ET AL.: 'System integrity in 
real-time MIL-STD-1750A environments'; 
NOTE: 

No A-document published by EPO 
LEGAL STATUS (Type, Pub Date, Kind, Text) : 
Application: 940323 A1 Published application (A1 with Search Report;
A2 without Search Report)
Examination: 940323 A1 Date of filing of request for examination:
930903
*Assignee: 951102 A1 Applicant (transfer of rights) (change): IBM
DEUTSCHLAND GMBH (276960) Pascalstrasse 100
D-70569 Stuttgart (DE) (applicant designated
states: DE), International Business Machines
Corporation (200120) Old Orchard Road Armonk,
N.Y. 10504 (US) (applicant designated states:
AT; CH; DE; DK; ES; FR; GB; IT; LI; NL; SE)
*Assignee: 960117 A1 Applicant (transfer of rights) (change):
International Business Machines Corporation
(200120) Old Orchard Road Armonk, N.Y. 10504
(US) (applicant designated states:
AT; CH; DE; DK; ES; FR; GB; IT; LI; NL; SE)
*Assignee: 960117 A1 Previous applicant in case of transfer of
rights (change): IBM DEUTSCHLAND GMBH (276960)
Pascalstrasse 100 D-70569 Stuttgart (DE)
(applicant designated states: DE)
Withdrawal: 980429 A1 Date on which the European patent application
was deemed to be withdrawn: 971101

LANGUAGE (Publication, Procedural, Application): English; English; English
12/5, K/3 (Item 3 from file: 348)

DIALOG (R) File 348:EUROPEAN PATENTS
(c) 2003 European Patent Office. All rts. reserv. 

00527049 

Public key cryptosystem key management based on control vectors . 
Schlusselverwaltung fur Geheimubertragungssystem mit offentlichem Schlussel

auf Grundlage von Steuervektoren . 
Administration de cle pour systeme cryptographique a cle publique basee sur 

des vecteurs de commande. 
PATENT ASSIGNEE: 

International Business Machines Corporation, (200120), Old Orchard Road, 
Armonk, N.Y. 10504, (US), (applicant designated states: 
AT; CH; DE; DK; ES; FR; GB; IT; LI; NL; SE)
INVENTOR: 

Matyas, Stephen M., 10 298 Cedar Ridge Drive, Manassas, VA 22 110, (US) 
Johnson, Donald B., 11 635 Crystal Creek Lane, Manassas, VA 22 111, (US)
Le, An V., 10 227 Battlefield Drive, Manassas, VA 22 110, (US) 
Prymak, Rostislaw, 15 900 Fairway Drive, Dumfries, VA 22 026, (US) 
Martin, William C, 1835 Hilliard Lane, Concord, NC 28 025, (US) 
Rohland, William S., 4234 Rotunda Road, Charlotte, NC 28 226, (US) 
Wilkins, John D., P.O. Box 8, Somerville, VA 22 739, (US)
LEGAL REPRESENTATIVE: 

Schafer, Wolfgang, Dipl.-Ing. (62021), IBM Deutschland 

Informationssysteme GmbH Patentwesen und Urheberrecht, D-70548
Stuttgart, (DE) 

PATENT (CC, No, Kind, Date): EP 534419 A2 930331 (Basic) 

EP 534419 A3 940629 
APPLICATION (CC, No, Date): EP 92116307 920911; 
PRIORITY (CC, No, Date) : US 766260 910927 

DESIGNATED STATES: AT; CH; DE; DK; ES; FR; GB; IT; LI; NL; SE 
INTERNATIONAL PATENT CLASS: H04L-009/08; 

ABSTRACT EP 534419 A2 

A data processing system, method and program are disclosed, for 
managing a public key cryptographic system. The method includes the steps 
of generating a first public key and a first private key as a first pair 
in the data processing system, for use with a first public key algorithm 
and further generating a second public key and a second private key as a 
second pair in the data processing system, for use with a second public 
key algorithm. The method then continues by assigning a private control 
vector for the first private key and the second private key in the data 
processing system, for defining permitted uses for the first and second 
private keys. Then the method continues by forming a private key record 
which includes the first private key and the second private key in the 
data processing system, and encrypting the private key record under a 
first master key expression which is a function of the private control 
vector. The method then forms a private key token which includes the 
private control vector and the private key record, and stores the private 
key token in the data processing system. 

At a later time, the method receives a first key use request in the 
data processing system, requiring the first public key algorithm. In 
response to this, the method continues by accessing the private key token 
in the data processing system and checking the private control vector to 
determine if the private key record contains a key having permitted uses 
which will satisfy the first request. The method then decrypts the 
private key record under the first master key expression in the data 
processing system and extracts the first private key from the private key 
record. The method selects the first public key algorithm in the data 
processing system for the first key use request and executes the first 
public key algorithm in the data processing system using the first 
private key to perform a cryptographic operation to satisfy the first key 
use request. (see image in original document)

ABSTRACT WORD COUNT: 343

LEGAL STATUS (Type, Pub Date, Kind, Text) :
Application: 930331 A2 Published application (A1 with Search Report;
A2 without Search Report)
Examination:
Change:
Change:
Examination:
International search report



970424 

Date on which the European patent application
was deemed to be withdrawn: 981215 
LANGUAGE (Publication, Procedural, Application) : English; English; English 
FULLTEXT AVAILABILITY: 

Available Text Language Update Word Count 

CLAIMS A (English) EPABF1 3823 

SPEC A (English) EPABF1 40413 
Total word count - document A 44236 
Total word count - document B 0 
Total word count - documents A + B 44236



..SPECIFICATION specified as a parameter input to a cryptographic
instruction, the PU authenticator is used to validate the public key
as part of key recovery, before the recovered PU is processed within the
cryptographic instruction...

..specified as a parameter input to a cryptographic instruction, the PR
authenticator is used to validate the public key as part of key
recovery, before the recovered PR is processed within the cryptographic
instruction. length>0), or has no accompanying system signature
(dsigl-length=0). If present, dsigl is validated with a public key,
PU, contained in the specified Internal Key Unit, IKU1. ePUM(keyblk) may
be imported with... of the public key algorithm. The process of validating
dsig consists of encryption with a public key, consistency checking
to validate the redundancy bytes, and recovery of the
hash-value-of-reference originally used to...



12/5, K/9 (Item 9 from file: 348)

DIALOG (R) File 348:EUROPEAN PATENTS

(c) 2003 European Patent Office. All rts. reserv. 

00291152 

Controlling the use of cryptographic keys via generating station 

established control values. 
Steuerung der Anwendung von Geheimubertragungsschlusseln durch in einer 

Erzeugungsstelle hergestellte Steuerwerte. 
Commande de l'utilisation de cles cryptographiques par des valeurs de

commande etablies dans une station de generation. 
PATENT ASSIGNEE: 

International Business Machines Corporation, (200120), Old Orchard Road, 
Armonk, N.Y. 10504, (US), (applicant designated states: DE; FR; GB; IT; NL) 
INVENTOR: 

Matyas, Stephen Michael, Jr., 8978 Miles Place, Manassa Virginia 22110, 
(US) 

Meyer, Carl Heinz Wilhelm, 27 Norma Court, Kingston New York 12401, (US) 
Brachtl, Bruno Oswald, Weinbergstrasse 20, D-7033 Herrenberg, (DE) 
LEGAL REPRESENTATIVE: 

Burt, Roger James, Dr. (52152), IBM United Kingdom Limited Intellectual 
Property Department Hursley Park, Winchester Hampshire SO21 2JN, (GB)
PATENT (CC, No, Kind, Date) : EP 292790 A2 881130 (Basic) 

EP 292790 A3 900124 
EP 292790 B1 930818
APPLICATION (CC, No, Date): EP 88107596 880511; 
PRIORITY (CC, No, Date) : US 55502 870529 
DESIGNATED STATES: DE; FR; GB; IT; NL 
INTERNATIONAL PATENT CLASS: H04L-009/00; 

CITED PATENTS (EP A): US 4227253 A; US 4649233 A; US 4386233 A; US 4578530 
A; WO 8102655 A 

ABSTRACT EP 292790 A2 

A method of controlling the use of securely transmitted information in 
a network of stations in which each potentially cooperating station 
includes a cryptographic facility (10) which securely stores a master key 
and in which, for each transmission between a pair of stations, a 
cryptographic key result is provided for each station of the pair by a 
generating station which is either one of the pair or a station external 
to the pair under a cryptographic protocol common to the network, the 
cryptographic key results for the transmission having a random component 
notionally particular to the transmission, a master key variant component 
characteristic of the protocol and a target station component either 
particular to the stations individually or as a pair, wherein, in 
response to a generating command invoked in the generating station for 
establishing a controlled use secure transmission between a designated 
pair of stations, the generating station generates the cryptographic key 
result for each designated station, accesses the control value common to 
the system for the permitted operation for each of the stations for the 
particular transmission, combines the control value with the common key 
result or each individual key result and causes the appropriate combined 
key result to be established in each station of the pair for the 
transmission, and wherein the cryptographic facility (10) in each station 
is arranged, when an operating command is invoked to perform a designated 
operation with respect to such securely transmitted information, to 
automatically abort such operation unless it matches the control value. 

ABSTRACT WORD COUNT: 256 

LEGAL STATUS (Type, Pub Date, Kind, Text) : 
Application: 881130 A2 Published application (A1 with Search Report;
A2 without Search Report)
Examination: 890524 A2 Date of filing of request for examination: 

890321 

Search Report: 900124 A3 Separate publication of the European or 

International search report 
A procedure is disclosed for initialising with security and integrity a
variables. Each terminal in the network is provided with a terminal
identification known to the key distribution centre, the public key of
the key distribution centre is stored in the cryptographic facility of
and the terminal initialiser for each terminal is notified of two
Claims

English Abstract

A multi-level security apparatus and method for a network employs a 
secure network interface unit (SNIU) coupled between each host or user 
computer unit (TS, S, S-U, PC, U) and a network, and a security manager 
(SM) coupled to the network, for controlling the operation and 
configuration of the SNIUs. Each SNIU is operative at a session level of 
interconnection which occurs when a user on the network is identified and 
a communication session is to commence. The SNIU is configured to perform 
a defined session level protocol, including the core function of user 
interface, session manager, dialog manager, association manager, data 
sealer, and network interface. The SM is implemented to ensure user 
accountability, configuration management, security administration, and 
validation key management on the network. 

French Abstract 

The invention relates to a multi-level security apparatus and method
for a network, which use a secure network interface coupled
between each host or user computer (TS, S, S-U, PC, U) and a
network, and a security manager (SM) coupled to the network for
controlling the operation and configuration of the network
interfaces (SNIU). Each network interface is active at a session level
of interconnection, which occurs when a user of the network is
identified and a communication session is about to begin. The network
interface is configured to execute a defined session-level protocol
comprising the functions of user interface control, session manager,
dialog manager, association manager, security classification, and
network interface. The session manager is implemented to provide
user billing, configuration management, security administration, and
validation key management on the network.

Fulltext Availability: 
Detailed Description 

Detailed Description 

... NSM). The SSA exchanges
data and commands with its assigned SNIU, and performs initialization
configuration control, access control, public key management,
audit/alarms, and other services for the SNIU. The ASM manages the
security functions... in response to a NSM key request. The NSM returns a
new certificate if the public key is validated. In addition, the
NSM dictates when keys are to be generated by the SNITA. The...
English Abstract

A method, using a public-key cryptosystem, for enabling a predetermined 
entity (18) to monitor communications of users suspected of unlawful 
activities while protecting the privacy of law-abiding users, wherein 
each user is assigned a pair of matching secret and public keys. 
According to the method, each user's secret key is broken into shares. 
Then, each user provides a plurality of "trustees" (22a) pieces of 
information. The pieces of information provided to each trustee (22a) 
enable that trustee (22a) to verify that such information includes a 
"share" of a secret key of some given public key. Each trustee (22a) can 
verify that the pieces of information provided include a share of the 
secret key without interaction with any other trustee (22a) or by sending 
messages to the user. Upon a predetermined request or condition, e.g., a 
court order (20) authorizing the entity (18) to monitor the 
communications of a user suspected of unlawful activity, the trustees 
(22a) reveal to the entity (18) the shares of the secret key of such 
user. This enables the entity (18) to reconstruct the secret key and 
monitor the suspect user's communications. 

French Abstract 

A method using a public-key cryptosystem that enables a predetermined
entity (18) to monitor the communications of users suspected of
unlawful activity while protecting the privacy of law-abiding users,
in which each user is assigned a pair of matching secret and public
keys. According to the method, each user's secret key is divided into
shares. Each user then provides pieces of information to a plurality
of "trustees" (22a). The information provided to each "trustee" (22a)
enables that trustee to verify that the information includes a "share"
of the secret key of a given public key. Each "trustee" (22a) can
verify that the information provided includes a share of the secret
key without interaction with any other trustee (22a), or by sending
messages to the user. Upon a predetermined request or condition, for
example a court order (20) authorizing the entity (18) to monitor the
communications of a user suspected of unlawful activity, the
"trustees" (22a) reveal to the entity (18) the shares of that user's
secret key. This method enables the entity (18) to reconstruct the
secret key and monitor the communications of suspect users.
Each trustee 22 individually inspects his received piece,
and, if it is correct, approves the public key (e.g.
signs it) and safely stores the piece relative to
it. These approvals are given to a...

...center 24, which may or may not coincide with the
government, itself approves (e.g., signs) any public
key that is approved by all trustees. These
center-approved keys are the public keys of... degree of privacy of
communication offered
by the underlying Diffie-Hellman scheme, in fact,
the validation of a public key does not compromise
the corresponding private key. Each trustee Ti
receives, as a special piece...

...own keys
and the pieces of his private one.
Second, if the key management center validates
the public key Px, then its private key is
guaranteed to be reconstructable by the government
in case... their piece of the private key. The encryption of
this piece -- in the trustee's public key and signed
by the trustee -- can be made part of the user's
public key. In this...

...electronic device, such as an
integrated circuit chip, the basic process of key
selection and public-key validation can be done
before the device leaves the factory. In this case,
it may be...
ABSTRACT

PURPOSE: To shorten the execution time in a verification method for
protecting privacy by making it possible to check the authenticity of the
electronic information signed by a signer and making it impossible to
collect the privacy information of the signer therefrom.

CONSTITUTION: This verification method for protecting privacy consists of a
center signature issuing process for having an authentified signature
issued by a certificate issuing center VIC for the multiple signature
public key of the tamper-free arithmetic unit OA given to the signer
Alice from the certificate issuing center VIC and the signer Alice and a
signature forming/verifying process for having the signature verified by
the Verifier after the arithmetic unit OA and the signer Alice put the
multiple signatures on a message. An RSA blind signing system is directly
utilized at the time of issuing the center signature and the number of the
multiplicands at the time of signature formation/verification is
decreased, by which the calculation quantity is curtailed.
In the public-key encryption system each node on the network is
associated with a public and private key. A transmission over the
network identifies its originating node and also includes a
digital-signature code word generated by encoding predetermined portions of
the transmission using the private key of the originating node.

When a transmission is received, the receiving node verifies that
the transmission was originated by the identified originating node by
manipulating the packet contents using the public key associated
with the originating node. The packet is accepted only if the
digital-signature code word in the packet corresponds to contents of the
packet and the public key of the originating node.
public key

(I) The publicly-disclosable component of a pair of cryptographic keys used for 
asymmetric cryptography. (O) '(In a public key cryptosystem) that key of a user's key 
pair which is publicly known.' [RFC2828] A cryptographic key used with a public 
key cryptographic algorithm, uniquely associated with an entity, and that may be 
made public. In an asymmetric (public) key cryptosystem that key of an entity's key 
pair that may be publicly known. A public key may be used to (1) verify a digital 
signature that is signed by the corresponding private key, (2) encrypt data that may be 
decrypted by the corresponding private key, and (3) compute a piece of shared 
information by other parties. The public key is used to verify a digital signature. This 
key is mathematically linked with a corresponding private key. [SRV] That key of an 
entity's asymmetric key pair which can be made public. [SC27] That key of an entity's 
asymmetric key pair which can be made public. NOTE - In the case of an asymmetric 
signature system the public key defines the verification transformation. In the case of 
an asymmetric encipherment system the public key defines the encipherment 
transformation. A key that is 'publicly known' is not necessarily globally 
available. The key may only be available to all members of a pre- 
specified group. [SC27] That key of an entity's asymmetric key pair which can 
be made public. [ISO/IEC FDIS 9796-2 (12/2001), ISO/IEC 11770-1: 1996, ISO/IEC
WD 18033-1 (12/2001)] That key of an entity's asymmetric key pair which can be 
made public. NOTE - In the case of an asymmetric signature system the public key 
defines the verification transformation. In the case of an asymmetric encipherment 
system the public key defines the encipherment transformation. A key that is 'publicly 
known' is not necessarily globally available. The key may only be available to all 
members of a pre-specified group. [SC27] The key in a matched key pair - private 
key and public key - that may be published, e.g. posted in a directory, for public key 
cryptography. [AJP] The key in a matched key pair-private key and public key - that 
is made public; for example, posted in a public directory for public key cryptography. 
[SRV] (see also asymmetric algorithm, cryptography, key, public-key infrastructure)

Information from SC27 site ISO Subcommittee 27.... 
public key 

That key of an entity's asymmetric key pair which can be made public. 
[ISO/IEC FDIS 9796-2 (12/2001), ISO/IEC 11770-1: 1996, ISO/IEC WD 18033-1 
(12/2001)] 

That key of an entity's asymmetric key pair which can be made public. 

NOTE - In the case of an asymmetric signature system the public key 
defines the verification transformation. In the case of an asymmetric 
encipherment system the public key defines the encipherment 
transformation. A key that is 'publicly known' is not necessarily 
globally available. The key may only be available to all members of a 
pre-specified group. [ISO/IEC 9798-1: 1997, ISO/IEC 11770-3: 1999, 
ISO/IEC WD 13888-1 (11/2001), ISO/IEC FDIS 15946-3 (02/2001)] 
1. Project reference: JTC 1.27.18.03

2. Responsible WG: JTC 1/SC 27/WG 2 

3. Scope 

This part of ISO/IEC 11770 defines key management mechanisms based on asymmetric cryptographic 
techniques. Some of the mechanisms of this part of ISO/IEC 11770 are based on the corresponding 
authentication mechanisms in ISO/IEC 9798-3. 

This part of ISO/IEC 11770 does not cover aspects of key management such as key lifecycle management 
and mechanisms to store, archive, delete, destruct, etc. keys. It also does not cover the implementations of 
the transformations used in the key management mechanisms. 

4. Abstract of objectives 

This part of ISO/IEC 11770 specifically addresses the use of asymmetric techniques to achieve the
following goals: 

o Establish a shared secret key between two entities A and B by key agreement. In a secret key
  agreement mechanism the secret key is the result of a data exchange between the two entities A
  and B. Neither of them can predetermine the value of the shared key.
o Establish a shared secret key between two entities A and B by key transport. In a secret key
  transport mechanism the secret key is chosen by one entity A and is transferred to another entity B,
  suitably protected by asymmetric techniques.
o Make an entity's public key available to other entities by key transport. In a public key transport
  mechanism, the public key of an entity A must be transferred to other entities in an authenticated
  way, but not requiring secrecy.

5. Dependencies 

This document is part of a multi-part standard. Some mechanisms make use of the techniques specified in 
ISO/IEC 9798-3, Entity authentication mechanisms - Part 3: Entity authentication using a public key 
algorithm. 